Conversation
feat: prod 프로필 추가 및 설정 정리
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on preparing the application for production deployment by introducing environment-specific configuration files and cleaning up redundant test code. The changes ensure better separation of concerns for configuration management and improve the maintainability of the test suite. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a production configuration file (application-prod.yml), cleans up duplicate test cases in CrewDocumentServiceTest.java, and updates .gitignore and local application profiles. Feedback highlights critical security and stability concerns: using ddl-auto: update in production poses a high risk of accidental schema modifications, and narrowing the .gitignore pattern from application-*.yml to a specific file increases the risk of committing sensitive configuration files.
|
|
||
| jpa: | ||
| hibernate: | ||
| ddl-auto: update |
There was a problem hiding this comment.
Using ddl-auto: update in a production environment is highly risky. It can lead to accidental schema modifications, data loss, or performance issues during application startup. It is strongly recommended to set ddl-auto to none or validate in production, and manage database migrations using dedicated tools like Flyway or Liquibase.
ddl-auto: validate| .vscode/ | ||
|
|
||
| application-*.yml | ||
| src/main/resources/application-private.yml |
There was a problem hiding this comment.
Changing the ignore pattern from application-*.yml to only src/main/resources/application-private.yml means other environment-specific configuration files (such as application-local.yml or other custom configuration files) are no longer ignored. This increases the risk of developers accidentally committing sensitive credentials or local configurations to the repository. It is safer to keep the wildcard pattern or explicitly ignore other potential configuration files.
src/main/resources/application-private.yml
application-*.yml
2 participants
No description provided.